Zero-day vulnerability in Siemens SIMATIC WinCC

Hardcoded credentials
CVE-2010-2772

The vulnerabiilty was used by Stuxnet malware together with CVE-2012-3015.

Vulnerability details

Advisory: SB2010072103 - Hardcoded credentials in Siemens SIMATIC WinCC and PSC 7 SCADA systems

Vulnerable component: Siemens SIMATIC WinCC

CVE-ID: CVE-2010-2772

CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-259 - Use of Hard-coded Password

Description:

The vulnerability allows a local user to obtain hardcoded credentials.

The vulnerability exists due to usage of hardcoded password to access back-end database. A local user can obtain password and gain unaithorized access SCADA system.

Successful exploitation of the vulnerability may allow an attacker to gain complete control over the industrial process.

Note: this vulnerability is being actively exploited by the Stuxnet malware.

Known APT campaigns:

Iranian Nuclear Facilities breach

The breach was identified in summer 2010 by VirusBlokada antivirus company from Belarus, who was called to investigate computers in Iranian nuclear facilities.

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.